Data Breaches Hit California Small Businesses, Too

Learn why these companies fell prey to breaches and how you can avoid their mistakes.


National Fraud Awareness Week is the perfect opportunity for professionals and business owners to reflect on the far-reaching impact of fraud. It’s coming up later this year, beginning November 11 and lasting until the 17th. During this week-long conversation, one of the most important areas of discussion will likely be how fraudsters use data breaches to gain access to key information they’ll later use to siphon money from legitimate sources — and ruin millions of lives in the process.

Small business owners might not see themselves as potential victims and instead assume hackers only ever really go after the huge brands mentioned in the news.

According to the 2018 Verizon Data Breach Report, businesses with less than 100 employees account for 58 percent of data breaches. In 2016, California small businesses were one of the top sectors with the largest share of breaches at 15 percent.

Why does the percentage of small businesses targeted remain high? Sadly, ease of access is the most likely culprit. Large corporations collectively have billions of dollars they can pour into improving security. Small businesses … do not.

Though California small business owners may lack the financial resources of much larger companies, the good news is that there are low cost (or no cost) ways to keep their businesses safe. It might be as simple as reading about another company’s breach headaches and making sure their data woes don’t become your own.

Quality Care Pharmacy

The Quality Care Pharmacy data breach, which was first reported in April 2018, saw criminals make off with hundreds of thousands of dollars in stolen pills. But that wasn’t all. The thieves also took documents, laptops, and various devices containing all kinds of information about the business’s customers. To make matters worse, this was just the latest in a string of burglaries at the San Marcos, California pharmacy. The most recent theft reportedly impacted around 3,000 patients.

key takeaway

The fourth time wasn’t so charming for the Quality Care Pharmacy. After previous thefts, it really did seem like a matter of time before criminals got their hands on patient data. Don’t wait for theft to happen. Take the necessary precautions to protect your business against data leaks before a devastating breach occurs.

get the 5-steps + a free poster

Alliance Direct Lending

In April 2017, Kromtech security researchers happened across a repository containing information made available for the public containing extremely private information. Kromtech later determined an auto lending company named Alliance Direct Lending owned the repository.

The easily accessible data included names, addresses, credit scores, vehicle information, and partial social security numbers. There were also leaked conversations between lenders and customers. Researchers estimated data belonging to anywhere between 500,000 and one million people were accidentally made public by the Orange, California-based auto lender.

Alliance has an otherwise stellar reputation, proving that data breaches can happen to small businesses regardless of whether they’re well-recommended by customers. Kromtech reached out to Alliance about the leaked information.

Although it’s since been taken care of, neither party knows how long the breached information was available of if anyone with criminal intentions downloaded customer data.

key takeaway

Small business owners must protect all of their data with equal vigor by using sensible data management practices. A guiding resource for how to make this happen for your small business would be to take a closer look at the principles outlined by HIPAA.

get 3 HIPAA takeaways for any business

MyFitnessPal

The MyFitnessPal breach is unique in that it affected a small business; however, as of 2015, it was technically a subsidiary of a much larger business (Under Armour). The California-based MyFitnessPal might have thought security measures wouldn’t be a problem after Under Armour bought the app, but the February 2018 data breach demonstrated the opposite.

It wasn’t until March that Under Armour/MyFitnessPal realized that an unauthorized third party had accessed usernames, email addresses, and password information. Upwards of 150 million customers were impacted by the data breach.

key takeaway

It’s ideal to have record strategies in place ahead of a merger. Doing so isn’t just crucial for a seamless M & A transition. As the MyFitnessPal breach demonstrated, a massive breach on the small business end of the merger could complicate things for the buyer or potential buyer in a way that’s sure to ruffle feathers down the line.

get 5 cases for inactive records strategy

Sources:

Claims San Diego pharmacy waited months to notify all patients about serious security breach | ABC 10 News
Auto Financing Company Leaks 500K+ of Customer’s Info Online | Kromtech
California Data Breach Report | State of California Department of Justice

Want to increase data protection awareness in your office?

Get Corodata's new poster delivered right to your inbox: "7 Data Breach Risks in Your Office You Never Thought Of." Download, print, and hang it to keep data protection at the forefront with your employees.